ietf-asrg

Re: [Asrg] Software bashing [mostly OT, but on at the end]

2009-01-23 15:22:55
der Mouse wrote:
> > Now what happens to all the small businesses that use MS-Exchange to
> > send email?
>
> The same thing that happens if they unwittingly pick someone on ROKSO
> for a mailout house: they get a sharp lesson in why due diligence is
> not only good but damn near essential, and how a non-spammer looking
> enough like a spammer will get treated like a spammer.
>
> I see no more need to support direct-to-MX-from-Exchange (or any other
> package that evidences Exchange's level of imperviousness to
> mail-handling clue) than to support an
> unwitting-and-otherwise-legitimate client of a spam-for-hire house.

Direct-to-MX-from-Exchange?  That's what it's _supposed_ to do.  It's
the MTA.  There are some annoyances in Exchange, but true infections on
Exchange servers are extremely rare.

ITYM: direct-to-MX-from-Outlook.  AFAIK Outlook _can't_ do direct-to-MX,
because it doesn't have the MX lookup code for it.  In fact, if you know
how to detect what _would_ be direct-to-MX from Outlook, it's a good
filtering rule.

[High volume/long term experience:  Moderate to high return at times,
zero FPs.  Tho, obviously, you shouldn't apply this on your outbound
submission servers!!!!!]

This probably applies to most other MUAs - they can't MX no matter what.

Our experience indicates that MTA servers, of _any_ flavour or O/S, are
seldom infected with anything viral or wormlike.  This is largely due to
the fact that "ordinary users" are virtually never reading or browsing
on the server, and the vast majority of current worm/viral compromises
require one or the other.

[Tho, in the face of a network spreader like SQLSlammer, all bets are off.]

Exchange may be worse than some other O/S/MTA combinations, but not by a
lot.  It's subject to sloppy admin/config, but so is everything else.

The real issue with "compromised" Exchange (or any other MTA) is more
things like poorly chosen passwords, not worm/viral.  Not exclusive to
Windows by any stretch.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg